当我尝试访问 index.html 时,我当前的 NGINX 配置会导致无限循环重定向到 https。有人有正确的方法吗?
目标是将端口 443 上用于启动 WSS 连接的入站请求转发到同一端口上本地主机的 WS 连接。此外,要将端口 443 上针对 Web 文件的请求转发到本地主机端口 80。
这是重定向conf(位于/etc/nginx/conf.d/myFQDN.conf中
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream to-websocket {
server localhost:25565;
}
server_tokens off;
# SSL requirements. We use Certbot and LetsEncrypt
#ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
server {
# first redirect to https
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
# Now webserver
# Port 80 shouldn't be accesed from outside
listen 80 default_server;
listen [::]:80 default_server;
server_name -myFQDN- www.-myFQDN-;
return 404; # managed by Certbot
root /var/www/html;
}
server {
root /var/www/html;
index index.html index.htm;
server_name -myFQDN-;
# Proxy our outside https to local http
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
try_files /nonexistent @$http_upgrade;
}
location @websocket {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
# proxy_pass http://localhost:25565;
proxy_pass http://to-websocket;
}
location @ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:80;
}
}